Linux
CVE-2026-27884
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An attacker can craft a filename in an SMB share that includes these characters, which when spider_plus crawls and downloads, can write or overwrite arbitrary files. The issue is patched in v1.5.1. As a workaround, do not run spider_plus with DOWNLOAD=true against targets.
AnalysisAI
NetExec's spider_plus module prior to version 1.5.1 fails to sanitize path traversal characters in SMB share filenames, allowing remote attackers to write or overwrite arbitrary files on Linux systems when the DOWNLOAD feature is enabled. The vulnerability requires user interaction to trigger the malicious SMB share crawl and currently has no available patch. Organizations using NetExec should disable the DOWNLOAD=true option as a temporary mitigation.
Technical ContextAI
Classified as CWE-22 (Path Traversal). Affects NetExec is a network execution tool.. NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An attacker can craft a filename in an SMB share that includes these characters, which when spider_plus crawls and downloads, can write or overwrite arbitrary files. The issue is patched in v1.5.1. As a
Affected ProductsAI
Product: NetExec is a network execution tool.. Versions: up to 1.5.1.
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today